Daira Hopwood
15d59f11c4
Add note about non-uniformity of Orchard ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
119abe37c3
ExtractP(\ZeroP) should be 0, and ExtractP^\bot(\bot) should be \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
65ebb2266d
Fix some URLs in references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
teor
572338f01a
Add action descriptions to the Note Commitments section intro
2021-04-13 09:45:33 -04:00
teor
151e8c9661
Typo: Decription -> Description
2021-04-12 11:07:03 +10:00
Daira Hopwood
88c338b9e1
Specify that a unified payment address MUST contain at least one shielded payment address.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:12:29 +01:00
Daira Hopwood
18fbfdefe5
Correct ZKSpend.Verify to ZKOutput.Verify in \crossref{outputdesc}. fixes #481
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:00:53 +01:00
Daira Hopwood
cc9c41a598
More clarifications to \theoremref{thmsinsemillacr}.
...
Co-authored-by: Taylor Hornby <taylor@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:59 +01:00
Daira Hopwood
4f50d5e515
Make sure that Change History entries are URL destinations. fixes #462
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:00 +01:00
Daira Hopwood
a0d048ed1e
Update Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
417076e50d
Make a note in \crossref{inbandrationale} of the divergence of ivk from a uniform scalar.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
1eec1f9832
Remove anchorSapling field when there are no Spends.
...
This corresponds to e0b08fd576
in ZIP 225.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
49f3b206f5
Fix type error in kdfinput for KDF^{Sapling,Orchard} (`ephemeralKey` is already a byte sequence).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
41580ec06d
Cosmetics in Sapling Output statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
c367a22098
Explicitly note that the end of the ZIP 212 grace period precedes NU5 activation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3a312dc5a9
Expand the set of ZIPs associated with NU5 in \crossref{networkupgrades}, and reference the Orchard and halo2 books there.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
6c3099843d
Add a caveat about reuse of rivk between PRF^expand and Commit^ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3826d43930
Correct the set of inputs to PRF^expand used for ZIP 32 and Orchard in \crossref{abstractprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
de0bc97bb2
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
bb985e039a
Section \crossref{concreteorchardkdf} should be in the NU5 colour (slate blue).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Deirdre Connolly
ec6c10fc5c
Add a note to the Sending Notes (Orchard) section about using a dummy note for ρ.
...
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
6c8f9fb478
Update the Sprout key component diagram in \crossref{addressesandkeys} to remove magenta highlighting.Remove magenta highlighting
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
e1f105eaa1
Add note about use of big-endian order in the encoding of BLS12-381 points.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3a55af9b1f
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
7bfdce2d6a
Write caution about linkage between the abstract and concrete protocols in \crossref{cautionlinkage}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
1097313feb
Fix errors in the Sinsemilla proofs:
...
* SinsemillaHash is defined in terms of SinsemillaHashToPoint, which also takes the D argument.
* correct errors due to 1-based indexing.
* the argument for exceptional cases got the scalars and range of j wrong.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
cce172ace8
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
f45b6b5d66
Add Action Statement ref to flags note
...
This change makes it clearer that the note spend and creation
rules are implemented as part of the proof.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
teor
ecb2ccd3f4
Copy outCiphertext description to the encoding tables
2021-04-01 02:11:35 +01:00
Daira Hopwood
f66887cdee
Fix an off-by-one error.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:40:57 +00:00
Daira Hopwood
b4aac633f4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:31:45 +00:00
Daira Hopwood
2f246ce24d
Other fixes to the Orchard specification, including generation of dummy notes and output notes.
...
fixes #465
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:17:33 +00:00
Daira Hopwood
aa86282e16
Change the specifications of note decryption to return the note and memo, rather than a note plaintext.
...
Generalize the specification of block chain scanning to support Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
c50bdbd9ce
Delete a confusing part of the definition of concatbits that we don't rely on.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
b27213dfd3
Move the definition of ⊥ to before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
cd1b4de8f9
Update the hashFinalSaplingRoot/hashLightClientRoot/hashBlockCommitments field for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
74dfa80194
Fix errors in Orchard due to cut-and-paste from Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
4d3204b8e1
Describe the recommended way to encode a Sapling or unified payment address as a QR code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
bbc6131f29
Update specification of Poseidon.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
212fdc8752
Add references for the halo2 book.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5e55821889
NCC audit: Make the description of when fields are included in v5 transactions consistent
...
between the protocol specification and ZIP 225. Also regenerate the HTML for ZIP 225.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
55af963e53
NCC audit: Add a definition for the section symbol in \crossref{introduction}, before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5fef9270e2
NCC audit: Correct the sizes of SpendDescriptionV5 and OutputDescriptionV5 in the version transaction format.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
bfc6a8e33c
NCC audit: Document the limitation on the domain separation string for the group hash into Pallas/Vesta.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
a68c7d24d0
NCC audit: Document that the choice of nonsquare for λ_G in \crossref{concretegrouphashpallasandvesta} makes no difference
...
to the output of map_to_curve_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
fa2b1c6ce9
Correct the output type of sqrt_ratio.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
ab0e248036
NCC audit: Document that the use of k = 256 in hash_to_field is intentional,
...
despite the Pallas curve only having 126-bit conjectured security against generic attacks.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
9d62142142
NCC audit: Fix a discrepancy between \crossref{concretegrouphashpallasandvesta} and \cite{ID-hashtocurve}.
...
The zero padding in expand_message_xmd should be 128 bytes (matching the input block size of
BLAKE2b), rather than 64 bytes.
See also https://github.com/zcash/pasta/pull/2 and https://github.com/zcash/pasta_curves/issues/7
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5d15a3d91e
NCC audit: Fix type confusion between integers and field elements (including additional cases
...
not found in the audit, involving nullifiers and cm_x).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
7ccbf44c30
NCC audit: Define \mathbb{G} in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00